95263efa4af33357726b9477ef532bb1cb4cc112e56492c9182ae7d99e6f644f | Triage

Analysis

max time kernel
149s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 07:09

Sharing

Report Analysis Logs

General

Target

4dabc1cef01ec880b107395eb6857ba0.dll
Size

84KB
MD5

4dabc1cef01ec880b107395eb6857ba0
SHA1

cd8f3a9417d7754bec39168e28dbc07cc027b87a
SHA256

95263efa4af33357726b9477ef532bb1cb4cc112e56492c9182ae7d99e6f644f
SHA512

ed0de2f8a2ab012e9ee4a0398eb2f5ca47fe5a9b91df3b124758cb80ad4ee8159bf34d0aa7f3c35a769e6350f0863a514260f442fc661d7ab262dea06904b3a1
SSDEEP

1536:b2H93TeLOZT3HdMhlsbLu5mGyEq0jWNAtApf4SpG:b2Hkqt39eliuEDx2clppG

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5016	4404	WerFault.exe	31

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 4404	2124	regsvr32.exe	31
PID 2124 wrote to memory of 4404	2124	regsvr32.exe	31
PID 2124 wrote to memory of 4404	2124	regsvr32.exe	31

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4dabc1cef01ec880b107395eb6857ba0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4dabc1cef01ec880b107395eb6857ba0.dll
  2⤵
  PID:4404
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 600
    3⤵
    - Program crash
    PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4404 -ip 4404
1⤵
PID:848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4404-0-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download